Cybersecurity still not a priority for businesses, say experts

Cybersecurity still not a priority for businesses, say experts

They say many firms see safeguarding against cyberattacks as an additional IT expense rather than a key business investment.

hacker scammer
Malaysian businesses are reported to have suffered an average of 1,050 cyberattacks a day in the first half of 2025.
PETALING JAYA:
Malaysian businesses remain highly vulnerable to cyberattacks as many of them still treat cybersecurity as more of an additional cost instead of a core business investment, say experts.

SL Rajesh, computer forensics head of the International Association for Counterterrorism and Security Professionals Centre, said many businesses were still struggling with the basics of digital protection.

This despite Malaysia’s digital economy growing rapidly in sectors such as manufacturing, retail and e-commerce, he added.

“A surprising number of businesses continue to run on old software versions with known bugs. These act as open doors for hackers to exploit,” he told FMT.

Rajesh said this oversight potentially allows digital burglars to install malware silently and hijack computer systems, which can open the floodgates to significant financial and reputational damage.

He urged bosses to treat cybersecurity as an ongoing investment to ensure their business continuity and not just an IT expense. “Cybersecurity is no longer a ‘nice-to-have’, it’s a business survival issue.”

Universiti Sains Malaysia cybersecurity research centre director M Selvakumar said a lack of user awareness and cybersecurity talent were also major weaknesses faced by local businesses.

“The biggest factor behind the rise in cyber threats is not the technology itself but us. The human element remains the weakest link in cybersecurity.

“Employees may use weak passwords, fall for convincing phishing scams, or use personal devices (for work purposes) without proper security protocols in place,” said Selvakumar.

He also said most businesses did not have a budget to hire dedicated cybersecurity teams to maintain constant vigilance, while many web developers, engineers and system administrators were not trained on integrating security and privacy into system design.

“Murphy’s Law applies all too well in cybersecurity, that is anything that can go wrong will go wrong. Even the most advanced multi-million-dollar security system can be rendered useless if the master password is something as simple as ‘admin@123’,” he said.

Cybersecurity firm Kaspersky had reported that Malaysian businesses were among the top targets for web-based threats in Southeast Asia, with an average of 1,050 cyberattacks a day in the first half of 2025.

This was a 16% increase from the same period last year, reflecting a clear upward trend as digital infrastructure continues to expand.

Selvakumar warned that the impact of such cyberattacks extended beyond financial losses and could include loss of reputation, erosion of customer trust, operational downtime, and further expenses for disaster recovery and system restoration.

Both experts said investing in better protection may be pricey, but it would always cost less and be more affordable than paying the cost of a cybersecurity breach.

Selvakumar said companies should be willing to engage professional firms that offer security operations centre services to continuously monitor for threats, as well as appointing consultants at least once a year to identify and mitigate potential vulnerabilities.

Rajesh suggested holding regular cyber awareness campaigns for employees and giving software developers and engineers specialised technical training.

Stay current - Follow FMT on WhatsApp, Google news and Telegram

Subscribe to our newsletter and get news delivered to your mailbox.